1. Field of the Invention
The present invention relates to the field of Web portals, and, more particularly, portlets of a Web portal having different portlet specific enablement states.
2. Description of the Related Art
A Web portal is a Web site or service that offers a broad array of resources and information, such as e-mail, search engines, advertising, user-specific reports, personalized contact and task management functions, customized news feeds, local weather, and the like. A Web portal can include multiple Web portlets. Each Web portlet can be a reusable Web component that displays information to portal users from a designated source, which can be different from the source that provides information for the portal.
Portlet specifications can enable interoperability between Web portlets and Web portals. That is, portlet specifications can define a set of Application Program Interfaces (APIs) for portal to portlet communications in areas of aggregation, personalization, presentation, and security. For example, Web Services for Remote Portlets (WSRP) is a standard to access and display portlets that are hosted on a remote server.
Many Web portals include one or more portlet that contains customized information, which may include confidential data. A user typically provides identification and authorization information upon accessing the portal that authenticates a user to access all portal information. Hence, conventional portals are based upon an all-or-nothing model, where a security check is performed for all the portlets by providing a one time password for the portal. The all-or-nothing access model is sufficient as long as a portal user is comfortable with the idea of accessing all areas of the portal using the similar security parameters, even though each portlet can display information having different sensitivity or security levels.
Situations exist where an all-or-nothing model is less than optimal. For example, a user accessing a portal from a public place may wish to review email messages and/or news stories, each of which has a moderately low sensitively level. Another portlet of the portal, however, can contain extremely sensitive information, such as credit card numbers with credit limits and/or bank account numbers with balances. To access the desired information via the portal, the user must risk a possibility of bystanders viewing and abusing the sensitive information. The user can minimize the risk by quickly logging off the portal as soon as possible, which can be inconvenient to the user that desires to spend more time accessing the less sensitive information from one portal. Therefore, conventional technologies require a portal user to comprise between information access and security considerations based upon an all-or-nothing model.